Published: 2004-12-31 00:00:00
Revised: 2008-09-05 16:45:00

[Original] in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.

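[CNNVD] WebTrends Reporting Center Management Interface Path Disclosure Vulnerability (CNNVD-200412-830)

        WebTrends Reporting Center is a powerful reporting system.
        The management interface included in WebTrends Reporting Center has a path disclosure issue. A remote attacker can exploit this vulnerability to obtain sensitive information and use it to further attack the system.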

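- CVSS (Base Score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: MEDIUM [exploitation requires certain access conditions]
Access vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]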

- CWE (Weakness Category)

CWE-200 [Information Exposure]

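- CPE (Affected Platforms and Products)


- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources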
(UNKNOWN)  BID  9460
(UNKNOWN)  BUGTRAQ  20040120 WebTrends Reporting Center Path Disclosure vulnerability

- Vulnerability Information

WebTrends Reporting Center Management Interface Path Disclosure Vulnerability
Medium risk  Other
2004-12-31 00:00:00 2004-12-31 00:00:00

- Advisories and Patches


- Vulnerability Information (23559)

WebTrends Reporting Center 6.1 Management Interface Path Disclosure Vulnerability (EDBID:23559)
windows remote
2004-01-20 Verified
0 Oliver Karow
N/A

The WebTrends Reporting Center management interface discloses installation path information when an invalid argument for an interface URI parameter is requested. This information may permit an attacker to enumerate the layout of the underlying file system of the host.

This issue was reported for version 6.1a of the software running on Microsoft Windows. Other platforms and versions may also be affected.

- Vulnerability Information

WebTrends profileid Variable Path Disclosure

- Vulnerability Description

NetIQ WebTrends Reporting Center (Enterprise ed.) for win32 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when script is supplied with an invalid "profileid" parameter which will disclose the path to the directory in which the product was installed resulting in a loss of confidentiality.

- Timeline

2004-01-21 2004-01-05
Unknown Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. It has been advised that access to the WebTrends services be controlled at the router and/or firewall.

- Related References

- Vulnerability Author

Unknown or Incomplete